On Wed, May 20, 2020 at 6:34 PM <bill.c.roberts@xxxxxxxxx> wrote: > From: William Roberts <william.c.roberts@xxxxxxxxx> > > The current Travis CI runs the userspace tooling and libraries against > policy files, but cannot test against an SELinux enabled kernel. Thus, > some tests are not being done in the CI. Travis, unfortunately only > provides Ubuntu images, so in order to run against a modern distro with > SELinux in enforcing mode, we need to launch a KVM with something like > Fedora. > > This patch enables this support by launching a Fedora32 Cloud Image with > the SELinux userspace library passed on from the Travis clone, it then > builds and replaces the current SELinux bits on the Fedora32 image and > runs the SELinux testsuite. > > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx> >From the text above I infer that this patch is intended against the userspace repo, right? If so, I don't quite see the usefulness of running the selinux-testsuite on every userspace change... It is mainly intended for testing the kernel and only a small part of its running time is spent on running (i.e. testing in a sense) the SELinux userspace programs. Not to mention that in your patch it runs with the userspace shipped in Fedora and not the version from the given commit... However, it could be very useful if this was added to the testsuite's CI instead so that it can verify that the testsuite patches don't break something. But note that you'd need to modify the script a bit to copy over the testsuite snapshot being tested to the VM and run that, instead of the current master. Anyway, thank you for working on this! I never realized that it could be so easy to run a Fedora VM from Travis. If I find some time maybe I can find some more ways to use this... For example we could run the Fedora/RHEL SELinux userspace tests from [1] after installing (not yet sure how) the userspace built from the currently tested userspace repo commit. [1] https://src.fedoraproject.org/tests/selinux/tree/master -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
